SOX Identity and Access Management Governance Strategist

The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.

Need Help? (

If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (View email address on click.appcast.io?subject=Accommodation%20request)

(accommodation requests only; other inquiries won't receive a response).

Regular or Temporary:

Regular

Language Fluency: English (Required)

Work Shift:

1st shift (United States of America)

Please review the following job description:

This role is positioned within the Technology, Data & Operations (TD&O) SOX Governance Team and serves as an ITGC subject matter expert, specifically concentrated on Identity & Access Management (IAM) and other logical security–related SOX controls.

The primary objective is to ensure TD&O fulfills its responsibilities under SOX Sections 404 and 302 and FDICIA, acting as the connective layer between:

• TD&O internal technology teams

• SOX Program Management, including internal SOX auditors

• External SOX auditors

This makes the role a blend of IT risk governance, audit liaison, and control oversight—requiring both technical fluency and strong governance/reporting abilities.

Key Responsibilities

1. ITGC Risk & Control Expertise (Logical Security Focus)

You are expected to:

• Understand and apply IT general controls, particularly in areas such as provisioning, de-provisioning, access reviews, privileged access, authentication methods, and system access governance.

• Evaluate emerging risks, control failures, and design opportunities.

This reinforces the need for:

• Strong foundational ITGC knowledge

• Understanding of IAM technologies (e.g., SailPoint, Active Directory, PAM tools)

• Ability to identify control gaps or deficiencies

1. Issue Resolution & Analytical Problem-Solving

You’ll address issues affecting both:

• SOX compliance

• Underlying technology processes

This means:

• Translating technical problems into SOX impact assessments

• Recommending feasible, risk-based remediation strategies

• Supporting control owners in designing sustainable control improvements

• This is where IT risk expertise intersects with practical engineering or operational realities.

1. Governance Routines & Reporting

You’ll contribute to—or own—routine SOX reporting cycles, including:

• Executive-level updates

• Committee reporting

• Escalation of emerging or systemic risks

This requires:

• Strong communication skills

• Ability to convert technical details into concise, risk-focused reporting

• Comfort interfacing with senior leadership

1. Auditor Coordination & Request Management

You’ll be a point person within TD&O who:

• Coordinates with internal/external auditors on ITGC walkthroughs

• Manages evidence requests

• Clarifies process or control questions

• Helps drive consistent messaging across technology teams

This calls for:

• Understanding what auditors expect

• Ability to anticipate questions or areas of scrutiny

• Keeping TD&O aligned with SPM and audit expectations

1. SOX Issue Management & Remediation Tracking

You will partner with multiple groups to:

• Document issues/deficiencies

• Develop remediation plans

• Track progress and ensure timely closure

This requires:

• Structured project management

• Clear understanding of deficiency severity and impact

• Skill in influencing teams toward timely resolution

1. Organizational & Project Management Skills

The role requires coordination across:

• Technology process owners

• Risk partners

• Audit stakeholders

• Executive reporting channels

This implies:

• Ability to manage multiple competing priorities

• Strong documentation discipline

• Effective communication across technical and non technical stakeholders

1. Technology Partner Collaboration

You will provide SOX and IT risk perspective when:

• New technology initiatives launch

• System changes are made

• IAM or security processes are redesigned

This ensures SOX requirements are built into design—not retrofitted later.

For this opportunity, Truist will not sponsor an applicant for work visa status or employment authorization, nor will we offer any immigration-related support for this position (including, but not limited to H-1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN-1 or TN-2, E-3, O-1, or future sponsorship for U.S. lawful permanent residence status.)

This position is office-centric 5 days a week in either our Atlanta or Charlotte/Cascade hub.

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

1. Provide coordination, effective challenge and robust independent oversight of policies, limits, and committees to drive effective governance structures and requirements to effectively manage and mitigate risks within assigned business units and support alignment with the overall corporate strategy.

2. Provide consultative leadership and develop working relationships across assigned business units and committees to drive the implementation and execution of a multi-level governance document structure and comprehensive inventory for all defined governance materials.

3. Support and contribute to the design, implementation, and execution of comprehensive, forward-looking and risk-based frameworks, processes, and systems for prioritizing, structuring, reviewing and approving governance materials throughout the company.

4. Support the monitoring and execution of risk governance policies and procedures to establish defined processes, clear roles and responsibilities, and effective challenge routines.

5. Identify and monitor risk governance exceptions, issues, and emerging trends across assigned business units and committees to drive their remediation, acceptance, or escalation to governing bodies.

6. Document the governance and reporting program including methodologies, processes and procedures, report writing, conventions for consistently vetting and documenting findings and working papers.

7. Lead the Development and maintenance of processes and procedures to ensure the accuracy of the reports produced by the team.

8. Evaluate control weakness or key indicators exceeding risk limits and perform root cause analysis.

9. Build a working knowledge of the business units strategic plan, key objectives, risk appetite statement, and RSCA process to understand the risks identified and controls applied to mitigate them in order to execute ad hoc risk management initiatives and controls testing.

10. Assist in the detection of emerging and/or under recognized risks.

11. Conduct data aggregation to support risk appetite framework and quarterly profile, including KRI's and ongoing risk identification.

12. Assist business leaders in development of RAF metrics and thresholds.

13. Generate content for regular management and risk program governance committees.

14. Facilitate Risk Committee and other risk committee/working groups.

15. Demonstrate Truist’s risk culture.

Qualifications

Required Qualifications:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. Bachelor’s degree in Business, Finance, Communications or equivalent education and related training.

2. Eight to twelve years of financial services or risk management experience, and/or equivalent education, training and experience.

3. Strong interpersonal and relationship management skills with ability to interact and communicate within all levels of organization, across functions, and within public sector/governmental agencies.

4. Strong analytical, cognitive, conceptual, critical thinking and organizational skills.

5. Demonstrated leadership, communication (verbal and written), presentation and facilitation skills.

6. Demonstrated planning ability with demonstrated judgment, problem-solving and decision-making skills.

7. Demonstrated proficiency in basic computer applications, such as Microsoft Office software products.

Preferred Qualifications:

1. Seven plus years of experience auditing SOX 404 / 302 ITGC controls, particularly within logical security and Identity & Access Management (IAM).

2. Working knowledge of IAM concepts such as provisioning, de‑provisioning, role-based access, privileged access management (PAM), authentication/authorization mechanisms, and access review processes.

3. Hands-on or oversight experience with IAM platforms (e.g., SailPoint, Active Directory / Azure AD, CyberArk, etc.).

4. Experience supporting or executing ITGC walkthroughs, control testing, or evaluating IT control deficiencies.

5. Familiarity with SOC 1 / SOC 2 reporting and related control environments.

General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site (

. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.

Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.

EEO is the Law (

E-Verify (

IER Right to Work (